System and method for an endpoint hardware assisted network firewall in a security environment
First Claim
1. At least one non-transitory computer-readable medium that includes code for execution and when executed by at least one processor is operable to perform operations to:
- receive a traffic flow at a tamper resistant environment on a host from an application executing on the host, wherein the tamper resistant environment is separated from an operating system of the host by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host;
- monitor, by a virtualization environment on the host, a memory of the host;
- identify a memory condition;
- request control of the memory;
- obtain information associated with the application by accessing the memory;
- send the information associated with the application from the virtualization environment to the tamper resistant environment;
- receive information associated with the application at the tamper resistant environment from the virtualization environment on the host;
- create a modified traffic flow by adding the information associated with the application to the received traffic flow and by adding a device identifier of the host to the received traffic flow; and
- send the modified traffic flow to a server.
Abstract
A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to the traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application and check the integrity of the traffic flow.
13 Claims
1. At least one non-transitory computer-readable medium that includes code for execution and when executed by at least one processor is operable to perform operations to:
- receive a traffic flow at a tamper resistant environment on a host from an application executing on the host, wherein the tamper resistant environment is separated from an operating system of the host by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host;
- monitor, by a virtualization environment on the host, a memory of the host;
- identify a memory condition;
- request control of the memory;
- obtain information associated with the application by accessing the memory;
- send the information associated with the application from the virtualization environment to the tamper resistant environment;
- receive information associated with the application at the tamper resistant environment from the virtualization environment on the host;
- create a modified traffic flow by adding the information associated with the application to the received traffic flow and by adding a device identifier of the host to the received traffic flow; and
- send the modified traffic flow to a server.
Dependent claims: 2, 3.

4. At least one non-transitory computer-readable medium that includes code for execution and when executed by at least one processor is operable to perform operations to:
- receive a traffic flow at a tamper resistant environment on a host from an application executing on the host, wherein the tamper resistant environment is separated from an operating system of the host by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host;
- derive a security token by the tamper resistant environment, wherein the security token is derived from an enhanced privacy identification to attest that the tamper resistant environment is trusted;
- create a modified traffic flow by adding information associated with the application to the received traffic flow, adding a device identifier of the host, and applying the security token to the traffic flow; and
- send the modified traffic flow to a server.

5. At least one non-transitory computer-readable medium that includes code for execution and when executed by at least one processor is operable to perform operations to:
- receive a traffic flow at a tamper resistant environment on a host from an application executing on the host, wherein the tamper resistant environment is separated from an operating system of the host by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host;
- derive a security token by the tamper resistant environment;
- create a modified traffic flow by: adding information, including metadata, associated with the application to the received traffic flow; adding a device identifier of the host; applying the security token to the received traffic flow; and digitally signing the metadata using public key cryptography; and
- send the modified traffic flow to a server.

6. At least one non-transitory computer-readable medium that includes code for execution and when executed by at least one processor is operable to perform operations to:
- receive a traffic flow at a tamper resistant environment on a host from an application executing on the host, wherein the tamper resistant environment is separated from an operating system of the host by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host;
- create a modified traffic flow by adding information associated with the application to the received traffic flow and by adding a device identifier of the host to the received traffic flow;
- send the modified traffic flow to a server;
- monitor a memory of the host for a memory condition;
- identify the memory condition;
- assign the application to a virtual machine in the virtualization environment based, at least in part, on identifying the memory condition;
- trap, in the virtualization environment, process events associated with the traffic flow; and
- check the integrity of the traffic flow before the traffic flow is delivered to the tamper resistant environment.
Dependent claims: 7, 8, 9.

10. An apparatus comprising:
- at least one processor;
- a security engine including a tamper resistant environment coupled to the at least one processor to: receive a traffic flow from an application executing on the apparatus, wherein the tamper resistant environment is separated from an operating system of the apparatus by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host; create a modified traffic flow by adding information associated with the application to the received traffic flow and by adding a device identifier of the apparatus to the received traffic flow; and send the modified traffic flow to a server; and
- a virtualization environment coupled to the processor to: monitor a memory of the host; identify a memory condition; request control of the memory based on identifying the memory condition; obtain the information associated with the application by accessing the memory; and send the information to the tamper resistant environment.

11. An apparatus, comprising:
- at least one processor; and
- a security engine including a tamper resistant environment coupled to the at least one processor to: receive a traffic flow from an application executing on the apparatus, wherein the tamper resistant environment is separated from an operating system of the apparatus by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host; derive a security token; create a modified traffic flow by: adding information, including metadata, associated with the application to the received traffic flow; adding a device identifier of the apparatus to the received traffic flow; applying the security token to the traffic flow; and digitally signing the metadata using public key cryptography; and send the modified traffic flow to a server.

12. An apparatus, comprising:
- at least one processor; and
- a security engine including a tamper resistant environment coupled to the at least one processor to: receive a traffic flow from an application executing on the apparatus, wherein the tamper resistant environment is separated from an operating system of the apparatus by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host; create a modified traffic flow by adding information associated with the application to the received traffic flow and by adding a device identifier of the apparatus to the received traffic flow; and send the modified traffic flow to a server; and
- a trapping module configured to: monitor a memory of the host for a memory condition; identify the memory condition; assign the application to a virtual machine in the virtualization environment based, at least in part, on identifying the memory condition; trap, in the virtual environment, process events associated with the traffic flow; and check the integrity of the traffic flow before the traffic flow is delivered to the tamper resistant environment.

13. A method comprising:
- receiving a traffic flow at a tamper resistant environment on a host from an application executing on the host, wherein the tamper resistant environment is separated from an operating system of the host by (a) running on a chipset that does not include a processor running the operating system of the host, or (b) running on a dedicated virtual machine within a virtualization environment on the host;
- monitoring, by a virtualization environment on the host, a memory of the host;
- identifying a memory condition;
- requesting control of the memory;
- obtaining information associated with the application by accessing the memory;
- sending the information from the virtualization environment to the tamper resistant environment;
- receiving information associated with the application at the tamper resistant environment from the virtualization environment on the host;
- creating a modified traffic flow by adding the information associated with the application to the received traffic flow and by adding a device identifier of the host to the received traffic flow; and
- sending the modified traffic flow from the tamper resistant environment to a server.
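An added example, not code from the patent or from any product implementing it, of the flow modification described in the abstract and in claims 5 and 11: the tamper resistant environment (TRE) attaches application metadata and a device identifier to an outbound flow, signs that metadata with a key only it holds, and the server accepts the metadata only if the signature verifies. Ed25519, the field names and the opaque token string are assumptions; the enhanced privacy identification derivation of claim 4 is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// AppInfo is the application metadata the TRE attaches (fields are assumed).
type AppInfo struct {
	Process string `json:"process"`
	Hash    string `json:"hash"`
}

// ModifiedFlow is what the server receives: payload plus device id, token, metadata and signature.
type ModifiedFlow struct {
	DeviceID string  `json:"device_id"`
	Token    string  `json:"token"` // security token attesting the TRE; opaque in this example
	App      AppInfo `json:"app"`
	Payload  []byte  `json:"payload"`
	Sig      []byte  `json:"sig"`
}

// signedBytes is the canonical encoding the signature covers; including the
// device id and token binds the metadata to this host and this session.
func signedBytes(f *ModifiedFlow) []byte {
	b, _ := json.Marshal([]interface{}{f.DeviceID, f.Token, f.App})
	return b
}

// TRESign runs inside the tamper resistant environment, the only holder of priv.
func TRESign(priv ed25519.PrivateKey, deviceID, token string, app AppInfo, payload []byte) *ModifiedFlow {
	f := &ModifiedFlow{DeviceID: deviceID, Token: token, App: app, Payload: payload}
	f.Sig = ed25519.Sign(priv, signedBytes(f))
	return f
}

// ServerVerify is the firewall-side check against the TRE public key enrolled for that device.
func ServerVerify(pub ed25519.PublicKey, f *ModifiedFlow) bool {
	return ed25519.Verify(pub, signedBytes(f), f.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // in practice provisioned into the TRE
	f := TRESign(priv, "dev-0001", "tok-constructed", AppInfo{"browser.exe", "sha256:constructed"}, []byte("GET / HTTP/1.1"))
	fmt.Println("genuine:", ServerVerify(pub, f))
	f.App.Process = "other.exe" // metadata altered by host OS code after the TRE signed it
	fmt.Println("tampered:", ServerVerify(pub, f))
}
```

Because the device identifier is inside the signed bytes, metadata copied from one host and replayed under another device identifier also fails verification.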
Specification